Oracle Soa Suite 12C: Solving a bug

Category: Oracle

For a customer in the Netherlands, in the healthcare division, Qualogy is implementing Oracle SOA Suite 12c (12.1.3) and Oracle Service Bus 12c (12.1.3). For the connection of a web service to a back-office system, we enabled SSL and the OWSM policy oracle/wss_username_token_over_ssl_service_policy.

We enabled SSL at domain level and created the necessary trust and identity keystores. After restarting the domain, all alerts in the Fusion Middleware Console seemed to have disappeared.

Oracle raised an official bug for this, Bug 20599654 – OSB Pipeline alerts are not displayed in EM console when SSL is enabled, which has been under investigation at Oracle Product Development since the beginning of March, up to now.

What we saw appearing in the logs was that, when we enabled SSL at domain level, the OSB aggregator, which aggregates all OSB alert data, was not able to connect over the t3s protocol that WebLogic uses for internal applications to connect with each other over RMI. We saw these messages:

    Caused by: javax.naming.CommunicationException: t3://<hostname>.local:7010,<hostname>.local:7020: Destination <ip adress>, 7020 unreachable; nested exception is:
    java.net.ConnectException: Connection refused; No available router to destination [Root exception is java.net.ConnectException: t3://<hostname>.local:7010,<hostname>.local:7020: Destination <ip adress>, 7020 unreachable; nested exception is:
    java.net.ConnectException: Connection refused; No available router to destination]
    at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:40)

Besides Product Development working on the bug, I started an investigation of my own and found the solution for this.

These are the steps I took:

WebLogic Domain Level

Only the managed servers contained the SSL domain config; I also configured the AdminServer not to use demo certificates but the configured trust and identity stores.

Nodemanagers

After further investigation, I discovered the Nodemanagers were not set up to use the SSL keystore configuration, so I added the following to nodemanager.properties (in <Domain home>/nodemanager) on all hosts:

    KeyStores=CustomIdentityAndCustomTrust
    CustomIdentityKeyStoreFileName=<location Identity Keystore>
    CustomIdentityKeyStorePassPhrase=<Password Identity Keystore>
    CustomIdentityAlias=<Alias in ID Keystore>
    CustomIdentityPrivateKeyPassPhrase=<Password Identity Keystore>

After this, the Nodemanagers need to be restarted. After the restart you see that the password entries are encrypted.
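To confirm on each host that nodemanager.properties carries these entries and that the passphrases were encrypted after the restart, a small audit script helps. This is an added example, not part of the original post: the function names are hypothetical, the sample file is constructed, and it assumes encrypted values start with `{AES`.

```sh
#!/bin/sh
# Added example (not from the original post): audit nodemanager.properties
# for the keystore entries listed above. Never prints passphrase values.
REQUIRED_KEYS="KeyStores CustomIdentityKeyStoreFileName
CustomIdentityKeyStorePassPhrase CustomIdentityAlias
CustomIdentityPrivateKeyPassPhrase"

# prop FILE KEY: print the value of KEY (last occurrence wins), CR stripped.
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d '\r'
}

# audit_nm_props FILE: one finding per line; exit status 0 only if clean.
# Runs in a subshell so its variables do not leak into the caller.
audit_nm_props() (
    findings=0
    for key in $REQUIRED_KEYS; do
        val=$(prop "$1" "$key")
        if [ -z "$val" ]; then
            echo "MISSING $key"
            findings=$((findings + 1))
            continue
        fi
        case $key in
        KeyStores)
            if [ "$val" != "CustomIdentityAndCustomTrust" ]; then
                echo "WRONG   KeyStores=$val"
                findings=$((findings + 1))
            fi ;;
        *PassPhrase)
            # Assumption: Node Manager rewrites passphrases with a "{AES" prefix.
            case $val in
            "{AES"*) ;;
            *)  echo "CLEAR   $key is still clear text (restart pending?)"
                findings=$((findings + 1)) ;;
            esac ;;
        esac
    done
    [ "$findings" -eq 0 ]
)

# Constructed sample: entries as typed before the first Node Manager restart.
sample=$(mktemp)
cat > "$sample" <<'EOF'
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityKeyStoreFileName=/constructed/path/identity.jks
CustomIdentityKeyStorePassPhrase=constructed-secret
CustomIdentityAlias=constructed-alias
EOF
audit_nm_props "$sample" || echo "findings reported"
rm -f "$sample"
```

On the constructed sample it reports one clear-text passphrase and the missing CustomIdentityPrivateKeyPassPhrase entry.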

Also, the entire domain had to be restarted. To check if the WebLogic domain was listening on SSL, I used the Linux command:

    netstat -ntpl | grep 70

Alerts in Fusion Middleware console

Now, after the restart, we saw that we were using SSL. We generated some test messages and did some pipeline validations, and voilà.

Publication date: 20 April 2015

Michel Schildmeijer
About the author: Michel Schildmeijer

Having started in the pharmacy sector, Michel transitioned to IT in 1996, where he worked on a UNIX TTY terminal-based system and the MUMPS language. He currently works as a solutions architect at Qualogy, with a focus on middleware, application integration and service-oriented architecture. His passion for middleware started in 2000, when he worked as a support analyst in the financial sector with BEA WebLogic and Tuxedo. Michel is an expert on the WebLogic platform. He serves customers in his role as architect and advises them in all aspects of their IT landscape. He became an Oracle ACE in 2012 and wrote two books about WebLogic: Oracle WebLogic Server 11gR1 PS2: Administration Essentials and Oracle WebLogic Server 12c: First Look. He is a well-known speaker at national and international conferences and is recognized as an official Oracle Speaker. For a few years, he has also been an active contributor to the open-source community and to solutions regarding containerization and DevOps. Furthermore, he is a well-known expert in several communities. He speaks regularly at events in the EMEA region and worldwide, such as KubeCon, Continuous Delivery Summit, Oracle OpenWorld, Groundbreakers Developers Tours and several other tech conferences. Read more at: http://www.qualogy.nl/techblog/author/michel-schildmeijer and https://community.oracle.com/blogs/mnemonic
